<?php
/*
- * Laconica - a distributed open-source microblogging tool
- * Copyright (C) 2008, Controlez-Vous, Inc.
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, StatusNet, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-if (!defined('LACONICA')) { exit(1); }
+if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
class ApiAction extends Action
{
if (!isset($_SERVER['PHP_AUTH_USER'])) {
# This header makes basic auth go
- header('WWW-Authenticate: Basic realm="Laconica API"');
+ header('WWW-Authenticate: Basic realm="StatusNet API"');
# If the user hits cancel -- bam!
$this->show_basic_auth_error();
$this->process_command();
} else {
# basic authentication failed
+ list($proxy, $ip) = common_client_ip();
+
+ common_log(LOG_WARNING, "Failed API auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip.");
$this->show_basic_auth_error();
}
}
} else {
- # Caller might give us a username even if not required
- if (isset($_SERVER['PHP_AUTH_USER'])) {
- $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
- if ($user) {
- $this->user = $user;
- }
- # Twitter doesn't throw an error if the user isn't found
- }
+ // Caller might give us a username even if not required
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
+ if ($user) {
+ $this->user = $user;
+ }
+ # Twitter doesn't throw an error if the user isn't found
+ }
$this->process_command();
}
}
}
- # Whitelist of API methods that don't need authentication
+ // Whitelist of API methods that don't need authentication
function requires_auth()
{
static $noauth = array( 'statuses/public_timeline',
'users/show',
'help/test',
'help/downtime_schedule',
- 'laconica/version',
- 'laconica/config',
- 'laconica/wadl');
+ 'statusnet/version',
+ 'statusnet/config',
+ 'statusnet/wadl',
+ 'tags/timeline',
+ 'oembed/oembed',
+ 'groups/show',
+ 'groups/timeline',
+ 'groups/list_all',
+ 'groups/timeline');
static $bareauth = array('statuses/user_timeline',
'statuses/friends_timeline',
'statuses/friends',
'statuses/replies',
+ 'statuses/mentions',
'statuses/followers',
- 'favorites/favorites');
+ 'favorites/favorites',
+ 'friendships/show',
+ 'groups/list_groups');
$fullname = "$this->api_action/$this->api_method";
- // If the site is "private", all API methods except laconica/config
+ // If the site is "private", all API methods except statusnet/config
// need authentication
+
if (common_config('site', 'private')) {
- return $fullname != 'laconica/config' || false;
+ return $fullname != 'statusnet/config' || false;
}
+ // bareauth: only needs auth if without an argument or query param specifying user
+
if (in_array($fullname, $bareauth)) {
- # bareauth: only needs auth if without an argument
- if ($this->api_arg) {
+
+ // Special case: friendships/show only needs auth if source_id or
+ // source_screen_name is not specified as a param
+
+ if ($fullname == 'friendships/show') {
+
+ $source_id = $this->arg('source_id');
+ $source_screen_name = $this->arg('source_screen_name');
+
+ if (empty($source_id) && empty($source_screen_name)) {
+ return true;
+ }
+
return false;
- } else {
+ }
+
+ // if all of these are empty, auth is required
+
+ $id = $this->arg('id');
+ $user_id = $this->arg('user_id');
+ $screen_name = $this->arg('screen_name');
+
+ if (empty($this->api_arg) &&
+ empty($id) &&
+ empty($user_id) &&
+ empty($screen_name)) {
return true;
+ } else {
+ return false;
}
+
} else if (in_array($fullname, $noauth)) {
- # noauth: never needs auth
+
+ // noauth: never needs auth
+
return false;
} else {
- # everybody else needs auth
+
+ // everybody else needs auth
+
return true;
}
}
}
}
- function isReadOnly($args)($args)
+ function isReadOnly($args)
{
$apiaction = $args['apiaction'];
$method = $args['method'];